Getting Started with Windows Server Security

Book description

Develop and implement a secure Microsoft infrastructure platform using native and built-in tools

In Detail

Windows Server 2012 provides security features and solutions that can be used as standalone security solutions as well as integrated solutions with your existing security or auditing tools.

To begin, you will learn how to implement baseline security using Microsoft Security Configuration Wizard and how to lock down unwanted services, along with how to configure your Windows firewall. You will see how to enable and use native tools including AppLocker to identify and mitigate risks and tighten up your Windows Server infrastructure security.

This book also walks you through best practices for designing and building a secure Microsoft server platform, with instructions on configuration and managing Dynamic Access Control and polices.

At the end of the book, installation and configuration of Windows Server Update Services, which plays a crucial role in the security space, is covered.

What You Will Learn

  • Design a secure Windows Server platform based on the best practices and industry standard recommendations
  • Identify and mitigate security risks using tools such as Security Configurations Wizard, ASA, AppLocker, BitLocker, and EMET
  • Follow step-by-step instructions to tighten the security of your Active Directory file, print server, Hyper-V and IIS servers, and application roles
  • Develop a secure access control mechanism using the Dynamic Access Control (DAC) feature
  • Learn how to maintain security and deliver new security updates and patches using the Windows Server Update Service (WSUS)
  • Discover how PowerShell cmdlets and custom scripts can support your day-to-day security admin tasks

Table of contents

  1. Getting Started with Windows Server Security
    1. Table of Contents
    2. Getting Started with Windows Server Security
    3. Credits
    4. About the Author
    5. Acknowledgments
    6. About the Reviewers
    7. www.PacktPub.com
      1. Support files, eBooks, discount offers, and more
        1. Why subscribe?
        2. Free access for Packt account holders
        3. Instant updates on new Packt books
    8. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Errata
        2. Piracy
        3. Questions
    9. 1. Operating System and Baseline Security
      1. Microsoft Windows Server
      2. Baseline and security
        1. Security Configuration Wizard
          1. Translating your policy into a technical policy
          2. Creating a policy template
          3. Policy review and validation
          4. Policy implementation
        2. Analyzing the result and troubleshooting
        3. A backup or rollback plan
      3. Summary
    10. 2. Native MS Security Tools and Configuration
      1. Microsoft SCM
        1. Installing Microsoft SCM
      2. Administering Microsoft SCM
      3. Creating and implementing security policies
      4. Exporting GPO from Active Directory
      5. Importing GPO into SCM
      6. Merging imported GPO with the SCM baseline policy
      7. Exporting the SCM baseline policy
      8. Importing a policy into Active Directory
      9. Maintaining and monitoring the integrity of a baseline policy
        1. Microsoft ASA
      10. Application control and management
        1. AppLocker
          1. Creating a policy
          2. Auditing a policy
          3. Implementing the policy
        2. AppLocker and PowerShell
      11. Summary
    11. 3. Server Roles and Protocols
      1. Server types and roles
      2. Managing servers using Server Manager
        1. Monitoring and securing server roles
          1. Creating a server role baseline report
          2. Analyzing production servers
      3. Server Message Block
        1. Configuring and implementing SMB
        2. Identifying the client and server operating system
        3. Verifying the current SMB configuration
        4. Enabling or disabling the SMB encryption
        5. Verifying SMB communication
      4. Summary
    12. 4. Application Security
      1. File or data server
        1. Applying baseline security
        2. The access mechanism
        3. Data protection
          1. Removing unwanted shares
          2. Data encryption using BitLocker encryption
            1. Installing BitLocker
            2. Verifying the encryption status
        4. Encrypting data volume
        5. Managing BitLocker volume
      2. Print server
        1. Applying baseline security
        2. The print server role security
        3. Print server access mechanisms
        4. The printer driver security and installation
        5. Print server and share permissions
      3. Hyper-V servers
        1. Applying baseline security
        2. Securing the access mechanism
        3. Guard protection
          1. Enabling the guard protection
        4. Encrypting Hyper-V host servers
      4. Internet Information Services
        1. Applying baseline security
        2. Securing web server components
        3. Securing the access mechanisms
        4. Adding dynamic IP restrictions
      5. Summary
    13. 5. Network Service Security
      1. Baseline policies
        1. Read-only Domain Controllers
        2. Installing RODCs
        3. Configuring RODCs
        4. Domain Name System
        5. Applying a DNS baseline policy
        6. Enabling Scavenging on a DNS server
        7. Enabling Scavenging on a DNS zone
        8. Securing DNS dynamic updates
        9. Cache poisoning attacks
      2. Dynamic Host Configuration Protocol
        1. Applying a DHCP baseline policy
        2. Controlling and segregating IP address allocation
        3. Configuring PBA
        4. Securing DHCP administration
        5. IP address and DNS management and monitoring
      3. Service accounts
        1. Group Managed Service Accounts
          1. Creating a KDS root key
          2. Creating Group Managed Service Accounts
          3. Installing Group Managed Service Accounts
          4. Configuring Group Managed Service Accounts
      4. Enhanced Mitigation Experience Toolkit
        1. Installing Enhanced Mitigation Experience Toolkit
        2. Configuring Enhanced Mitigation Experience Toolkit
      5. Summary
    14. 6. Access Control
      1. Dynamic Access Control
        1. Enabling the KDC support
        2. Creating claim types
        3. Creating and enabling resource properties
        4. Creating a central access rule
        5. Creating a central access policy
        6. Deploying a central access policy
        7. Configuring folder permissions on a file server
        8. Verifying access the control configuration and permission
      2. Summary
    15. 7. Patch Management
      1. Microsoft Windows Server Update Services
        1. Installing the WSUS web role
        2. Configuring WSUS
        3. Configuring and deploying automatic updates
        4. Administering WSUS
          1. Creating groups
          2. Managing updates
          3. Managing the group membership
      2. Summary
    16. 8. Auditing and Monitoring
      1. Auditing
        1. Default auditing policies
        2. Enabling Global Object Access Auditing – filesystem
        3. Enabling Global Object Access Auditing – directory services
        4. Event forwarding
          1. Configuring the source computer
          2. Configuring the target (collector) computer
          3. Troubleshooting event forwarding
      2. Monitoring
        1. Microsoft Best Practice Analyzer
        2. Monitoring the performance
      3. Summary
    17. Index

Product information

  • Title: Getting Started with Windows Server Security
  • Author(s): Santhosh Sivarajan
  • Release date: February 2015
  • Publisher(s): Packt Publishing
  • ISBN: 9781784398729